HHS report responds to MassHealth failure in securing data

HHS has released a summary report on the failure of the Massachusetts Medicaid program (MassHealth) to secure Medicaid Management Information System (MMIS) data and supporting systems within federal requirements.

The Public Summary Report overviews the vulnerabilities MassHealth in security management, configuration management, system software controls and website and database vulnerability scans. A data breach was not detected, but one could have led to unauthorized access to the critical operations of MassHealth.

"The vulnerabilities were collectively and, in some cases, individually significant and could have potentially compromised the confidentiality, integrity and availabilityof MassHealth’s MMIS," the report read. "These vulnerabilities existed because MassHealth did not implement sufficient controls over its Medicaid data and information systems."

The report recommends MassHealth follow HHS recommendations to restore security.